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DETAILED ACTION 

1 . This is a response to the response, filed 1/30/07. 

2. Claims 6-11, 13-17, 20,23, and 26-30 are pending. 



Response to Amendment/Arguments 

3. Applicant's arguments filed 1/30/07 have been fully considered but they are not 
persuasive. Applicant argues that the prior art does not teach "partitioning resources of the 
server to establish an instance of each virtual server by allocating units of storage and network 
addresses of network interfaces of the server to each instance of the virtual server ... enabling 
controlled access to the resources using logical boundary checks and security interpretations of 
those resources within the server by comparing configuration information of a unit of storage 
requested by a particular vserver with the resources allocated to that particular server". The 
Examiner disagrees. The claimed invention requires establishing a virtual server by allocating 
storage resources and address to the virtual server. Wesinger teaches establishing virtual servers 
by establishing virtual hosts (multi-homed servers VHl-VHn; 1/9,12; 2/23,26); each virtual host 
has separate resources (as defined by the Web server and configuration files, each has own 
assigned storage resources and address; 1/9,12; 2/23,26). Each server has an assigned network 
address because each acts as a distinct and independent server (1/12; 2/24,26). Access to the 
resources of the (physical) server requires the request to pass access rules set up by the 
configuration file of each virtual host/server, which checks for access privilege to areas assigned 
to that virtual server, which is a part of the physical web server (3/39-41). All access rules must 
be satisfied before access can be gained to access the resources of the host. 
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4. Applicant argues Wesinger does not teach "assigning network addresses or units of 
storage to each virtual host". The Examiner disagrees. Wesinger teaches running multiple 
virtual servers on the same physical machine. 

5. Applicant argues Wesinger does not teach "determining if a virtual host can access 
certain storage locations within the physical server." The Examiner disagrees. Wesinger clearly 
teaches that in order to access the virtual host/server, which is part of the physical web server, all 
access rules must be satisfied (3/39-41). Thus, in order to access the physical resources of the 
web server, of which the virtual host belongs, the request is checked to determine whether access 
is allowed. 

6. For the above reasons, the Examiner maintains the previous rejection to the claims under 
Wesinger. The Examiner suggests Applicant narrow the claim language to differentiate the 
claimed invention over the prior art cited. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1 (2) of such treaty in the English language. 

7. Claims 6-11,13-17, 20,23,26-30 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Wesinger, Jr. et al (US 2001/001 1304 Al), hereinafter as Wesinger. 

As to claim 6,20,23,26-30: 
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8. Wesinger teaches a method and means for creating and maintaining a plurality of virtual 
servers within a server, the method comprising the steps of: 

partitioning resources of the server to establish an instance of each virtual server (multi- 
homed servers VHl-VHn; 1/9,12; 2/23,26) by allocating units of storage and network addresses 
of network interfaces of the server to each instance of the virtual server (as defined by the Web 
server and configuration files, each has own assigned storage resources and address; 1/9,12; 
2/23,26), and sharing an operating system and a file system of the server among all of the virtual 
servers (implementing a physical machine into multiple virtual hosts; 2/23-24); 

enabling controlled access to the resources using logical boundary checks and security 
interpretations of those resources within the server by comparing configuration information of a 
unit of storage requested by a particular vserver with the resources allocated to that particular 
vserver (All access rules must be satisfied before access can be gained to access the resources of 
the host; 3/39-41); and 

providing a virtual server context structure including information pertaining to a security 
domain of the virtual server (rules database in configuration file; 2/23-24, 3/38-41). 
As to claim 7: 

9. Wesinger teaches the step of providing a vfstore list of the virtual server context 
structure, the vstore list comprising pointers to vfstore soft objects, each having a pointer that 
references a path to a unit of storage allocated to the vfiler (configuration file; 2/23-24; 3/38-39). 
As to claim 8: 

10. Wesinger teaches providing a vfnet list of the virtual server context structure, the vfnet 
list comprising pointers to vfnet soft objects, each having a pointer that references an interface 
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address data structure representing a network address assigned to the virtual server (each virtual 
host has different IP address; 1/9,12; 2/23,26; 3/39). 
As to claim 9-10,15,16: 

1 1 . Wesinger teaches performing a virtual server boundary check to verify that a virtual 
server is allowed to access certain storage resources of the filer (security access check; 4/48-51). 
As to claim 1 1 : 

12. Wesinger teaches determining whether the virtual server is authorized to access the unit 
of storage; if the virtual server is not authorized to access the requested unit of storage, 
immediately denying the request (deny unauthorized request; 4/51); otherwise, allowing the 
request; and generating file system operations to process the request (process authorized request; 
4/52). 

As to claim 13,14,17: 

1 3 . Wesinger teaches a system adapted to create and maintain a plural ity of virtual servers 
within a server, the system comprising: 

a storage media configured to store information as units of storage resources, the units of 
storage resources allocated among each of the virtual servers ((multi-homed servers VHl-VHn; 
1/9,12; 2/23,26); 

one or more network interfaces assigned one or more network address resources, the 
network address resources allocated among each of the virtual servers (each has own assigned 
storage resources and address; 1/9,12; 2/23); 

an operating system having a file system resource adapted to perform a boundary check 
to verify that a request is allowed to access to certain units of storage resources on the storage 
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media, each virtual server allowed shared access to the file system, where the boundary check is 
performed by comparing configuration information of a unit of storage requested by a particular 
vserver with the one or more units of storage resources and the one or more network address 
resources allocated to that particular server (All access rules must be satisfied before access can 
be gained to access the resources of the host; 3/39-41); 

a context data structure provided to each virtual server, the context data structure 
including information pertaining to a security domain of the virtual server that enforces 
controlled access to the allocated and shared resources (rules database in configuration file 
enforcing access control; 2/23-24; 3/38-41); and 

a processing element coupled to the network interfaces and storage media, and 
configured to execute the operating and file systems to thereby invoke network and storage 
access operations in accordance with results of the boundary check of the file system (physical 
network resource to perform storage access operations; Fig. 1; 2/23-24; 4/52). 

Conclusion 

14. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Than Nguyen whose telephone number is 571-272-4198. The 
examiner can normally be reached on M-F 8-4. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Donald Sparks can be reached on (571) 272-4201. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Primary Examiner 
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